Difference between revisions of "See what server IP is sending mail to iis mail relay"

From roonics
Jump to navigation Jump to search
(Created page with "test")
 
 
(One intermediate revision by the same user not shown)
Line 1: Line 1:
test
+
I recently had to change the IP of a mail relay but people were unsure who was still using via the old IP.
 +
So I added the new IP as a secondary IP then ran this script once a week to report who was still using it, that allowed me to those systems updated to point to the new IP.
 +
 
 +
<pre>
 +
Get-Item *.log | ForEach-Object { $fil=$_.Name; foreach ($line in Get-Content $fil ) { if ($line -like "*10.10.10.10*") Write-Output $fil" "$line }
 +
$line | out-file -FilePath "c:\temp\output.log" -Append
 +
}
 +
 
 +
</pre>
 +
 
 +
Run this in the log directory for the IIS mail server logs and it will output a file to c:\temp\output.log with any IPs that may be sending mail via 10.10.10.10
 +
 
 +
Example log file output:
 +
<pre>
 +
10.20.20.20 - SMTPSVC1 smtprelay01 10.10.10.10 0 QUIT - - 240 0 0 - -
 +
10.20.20.20 - SMTPSVC1 smtprelay01 10.10.10.10 0 QUIT - - 240 0 0 - -
 +
10.20.20.20 - SMTPSVC1 smtprelay01 10.10.10.10 0 QUIT - - 240 0 0 - -
 +
10.20.20.20 - SMTPSVC1 smtprelay01 10.10.10.10 0 QUIT - - 240 0 0 - -
 +
10.20.20.20 - SMTPSVC1 smtprelay01 10.10.10.10 0 QUIT - - 240 0 0 - -
 +
10.20.20.20 - SMTPSVC1 smtprelay01 10.10.10.10 0 QUIT - - 240 0 0 - -
 +
10.20.20.20 - SMTPSVC1 smtprelay01 10.10.10.10 0 QUIT - - 240 0 0 - -
 +
10.20.20.20 - SMTPSVC1 smtprelay01 10.10.10.10 0 QUIT - - 240 0 0 - -
 +
</pre>
 +
 
 +
So here we can see that a server 10.20.20.20 is trying to send mail via 10.10.10.10
 +
 
 +
[[Category:PowerShell]]
 +
[[Category:IIS]]
 +
[[Category:Mail relay]]

Latest revision as of 13:49, 17 September 2021

I recently had to change the IP of a mail relay but people were unsure who was still using via the old IP. So I added the new IP as a secondary IP then ran this script once a week to report who was still using it, that allowed me to those systems updated to point to the new IP.

Get-Item *.log | ForEach-Object { $fil=$_.Name; foreach ($line in Get-Content $fil ) { if ($line -like "*10.10.10.10*") Write-Output $fil" "$line }
$line | out-file -FilePath "c:\temp\output.log" -Append
}

Run this in the log directory for the IIS mail server logs and it will output a file to c:\temp\output.log with any IPs that may be sending mail via 10.10.10.10

Example log file output:

10.20.20.20 - SMTPSVC1 smtprelay01 10.10.10.10 0 QUIT - - 240 0 0 - -
10.20.20.20 - SMTPSVC1 smtprelay01 10.10.10.10 0 QUIT - - 240 0 0 - -
10.20.20.20 - SMTPSVC1 smtprelay01 10.10.10.10 0 QUIT - - 240 0 0 - -
10.20.20.20 - SMTPSVC1 smtprelay01 10.10.10.10 0 QUIT - - 240 0 0 - -
10.20.20.20 - SMTPSVC1 smtprelay01 10.10.10.10 0 QUIT - - 240 0 0 - -
10.20.20.20 - SMTPSVC1 smtprelay01 10.10.10.10 0 QUIT - - 240 0 0 - -
10.20.20.20 - SMTPSVC1 smtprelay01 10.10.10.10 0 QUIT - - 240 0 0 - -
10.20.20.20 - SMTPSVC1 smtprelay01 10.10.10.10 0 QUIT - - 240 0 0 - -

So here we can see that a server 10.20.20.20 is trying to send mail via 10.10.10.10